← back
CVE-2020-11505

CVE-2020-11505

EPSS 1.2%
Vexday Risk Score
3Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS EPSS 1.2%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
22 Apr 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
An issue was discovered in GitLab Community Edition (CE) and Enterprise Edition (EE) before 12.7.9, 12.8.x before 12.8.9, and 12.9.x before 12.9.3. A Workhorse bypass could lead to NuGet package and file disclosure (Exposure of Sensitive Information) via request smuggling.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://about.gitlab.com/blog/categories/releases/https://about.gitlab.com/releases/2020/04/14/critical-security-release-gitlab-12-dot-9-dot-3-released/